
Tag: Hash

VU#489392: Acronis True Image fails to update itself securely

Acronis True Image fails to securely check for and retrieve updates, which can allow an authenticated attacker to execute arbitrary code with administrator privileges.

50 hashes per hour

In this research we'll be revisiting the USB port – this time in attempts to intercept user authentication data on the system that a microcomputer is connected to.

As we discovered, this type of attack successfully allows an intruder to retrieve user authentication data – even when the targeted system is locked.

Dridex: A History of Evolution

In the several years that the Dridex family has existed, there have been numerous unsuccessful attempts to block the botnet's activity.

The ongoing evolution of the malware demonstrates that the cybercriminals are not about to bid farewell to their brainchild, which is providing them with a steady revenue stream.

WannaCry and Lazarus Group – the missing link?

Moments ago, Neel Mehta, a researcher at Google posted a mysterious message on Twitter.

The cryptic message in fact refers to similarity between samples that have shared code between themselves.

The two samples Neel refers to in the post are a WannaCry cryptor sample and a Lazarus APT group sample.

Microsoft Makes it Official, Cuts off SHA-1 Support in IE, Edge

Yesterday’s Patch Tuesday release also included an update to Microsoft’s Internet Explorer and Edge browsers officially ending support for the SHA-1 hash function.

Microsoft finally bans SHA-1 certificates in Internet Explorer, Edge

The Tuesday updates for Internet Explorer and Microsoft Edge force those browsers to flag SSL/TLS certificates signed with the aging SHA-1 hashing function as insecure.

The move follows similar actions by Google Chrome and Mozilla Firefox earlier this year.

Browser vendors and certificate authorities have been engaged in a coordinated effort to phase out the use of SHA-1 certificates on the web for the past few years, because the hashing function no longer provides sufficient security against spoofing.

SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be vulnerable to theoretical attacks since 2005.

The U.S. National Institute of Standards and Technology has banned the use of SHA-1 by U.S. federal agencies since 2010, and digital certificate authorities have not been allowed to issue SHA-1-signed certificates since Jan. 1, 2016, although some exemptions have been made -- for example, for outdated payment terminals.

Russian RATs bite Handbrake OSX download mirror

Check your hash, delete the app, change your passwords

If you use the popular video transcoder Handbrake on a Mac, the distributors want you to check the download hash after one of their mirrors was compromised.…

The hijacking flaw that lurked in Intel chips is worse than...

Patch for severe authentication bypass bug won’t be available until next week.

Researcher finds LastPass 2FA could become 1FA

Not only was LastPass using a password hash in its two-factor authentication scheme, but 2FA could be disabled by an attacker, a security researcher has found.

Unraveling the Lamberts Toolkit

The Lamberts is a family of sophisticated attack tools that has been used by one or multiple threat actors against high-profile victims since at least 2008.

The arsenal includes network-driven backdoors, several generations of modular backdoors, harvesting tools, and wipers.

Mozilla project keeps compromised apps out of circulation

Mozilla has long used its Firefox browser as a staging platform for other innovations. One of the first real-world applications for its fast-and-safe systems language Rust, for instance, is rewriting some of Firefox's innards.

Now comes a project called Binary Transparency, an effort to ensure that every Firefox binary produced by Mozilla is the same one that everyone else has received and hasn't potentially been tampered with.

At first this sounds like a glorified version of using hash signatures or checksums, which most every organization that supplies binaries of its apps does. But Mozilla has a more ambitious plan: To make it difficult for anyone to distribute compromised copies of an application, even if they come from Mozilla.

Git sprints carefully towards SHA-1 deprecation

The sky still isn't falling

Following the February controversy over whether or not Google's SHA-1 collision broke Git, its community has taken the first small steps towards replacing the ancient hash function.…